Help Center/ Cloud Container Engine/ Kubernetes Basics/ Pods, Liveness Probes, Labels, and Namespaces/ Namespaces
Updated on 2025-07-29 GMT+08:00
View PDF

Namespaces

Video Tutorial

Overview of Namespaces

Labels are simple and efficient, but excessive use can lead to overlap and complicate queries. To address this, Kubernetes provides namespaces to divide systems with multiple components into distinct, non-overlapping groups. Namespaces can also separate resources among tenants, allowing multiple teams to share the same cluster.

Resources can share the same name as long as they are in different namespaces. However, global resources like worker nodes and PVs are not namespace-specific. We will cover this in more detail later.

Run the following command to obtain the namespaces in a cluster:

$ kubectl get ns
NAME               STATUS   AGE
default            Active   36m
kube-node-lease Active   36m
kube-public        Active   36m
kube-system        Active   36m

All operations are currently performed in the default namespace. If you run kubectl get without specifying a namespace, the default namespace will be used by default.

Run the following command to check resources in namespace kube-system:

$ kubectl get po --namespace=kube-system
NAME                                      READY   STATUS    RESTARTS   AGE
coredns-7689f8bdf-295rk                   1/1     Running   0          9m11s
coredns-7689f8bdf-h7n68                   1/1     Running   0          11m
everest-csi-controller-6d796fb9c5-v22df   2/2     Running   0          9m11s
everest-csi-driver-snzrr                  1/1     Running   0          12m
everest-csi-driver-ttj28                  1/1     Running   0          12m
everest-csi-driver-wtrk6                  1/1     Running   0          12m
icagent-2kz8g                             1/1     Running   0          12m
icagent-hjz4h                             1/1     Running   0          12m
icagent-m4bbl                             1/1     Running   0          12m

You can see many pods in kube-system. For example, coredns is used for service discovery, everest-csi for accessing storage services, and icagent for interconnecting with a monitoring system.

These essential pods are placed in the kube-system namespace to isolate them from other pods. This ensures they are invisible to and unaffected by resources in other namespaces.

Creating a Namespace

Define a namespace.

apiVersion: v1 
kind: Namespace 
metadata: 
  name: custom-namespace

Run kubectl to create it.

$ kubectl create -f custom-namespace.yaml
namespace/custom-namespace created

You can also run kubectl create namespace to create a namespace.

$ kubectl create namespace custom-namespace 
namespace/custom-namespace created

Create resources in the namespace.

$ kubectl create -f nginx.yaml -n custom-namespace 
pod/nginx created

The namespace custom-namespace now contains a pod named nginx.

Isolation of Namespaces

Namespaces are used to group resources for organizational purposes only. Objects running in different namespaces are not inherently isolated. For example, if pods in two namespaces know each other's IP addresses and the underlying network does not provide isolation between namespaces, the pods can still communicate with each other.